<?php
include ('header.php');
if ($admin==1) {
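// Schema bootstrap: create the `menu` table if it is missing. The statement sits inside the
// $admin==1 branch and runs on every such request, so it relies on IF NOT EXISTS to stay idempotent.
// Fixed: the `type` column definition lacked the comma before PRIMARY KEY, which MySQL rejects
// as a syntax error.
// NOTE(review): VARCHAR(65535) with a utf8 charset is above MySQL's VARCHAR limit; depending on
// sql_mode the server either rejects it or converts the column to a TEXT type — confirm.
// NOTE(review): `menu` and `type` are NOT NULL without defaults, and no handler in this file
// writes them — confirm the schema against the live table.
// NOTE(review): `or die(mysql_error())` prints raw database error text into the page; logging it
// server-side and showing a generic message would avoid leaking schema details.
sql_query ("CREATE TABLE IF NOT EXISTS `menu` (
`id` INT NOT NULL AUTO_INCREMENT ,
`title` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`desc` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`address` VARCHAR( 65535 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
`access` INT NOT NULL default '1',
`menu` INT NOT NULL ,
`type` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
PRIMARY KEY ( `id` ) 
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;") or die(mysql_error());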

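// Update an existing menu entry from the posted edit form.
//
// Security notes:
// - The ext/mysql API used here has no prepared statements, so every value placed in the SQL
//   string must be escaped or strictly validated. mysql_real_escape_string() is only reliable
//   when the connection charset was set with mysql_set_charset() — not visible here, confirm.
// - NOTE(review): no anti-CSRF token is checked in this file; unless header.php enforces one,
//   this state-changing request can be triggered cross-site.
if ($actp=='update')
{
	$title = mysql_real_escape_string($_POST['title']);
	// translitURL() is defined elsewhere and its output is not known to be SQL-safe,
	// so it is escaped like the other text fields before reaching the query.
	$address = mysql_real_escape_string(translitURL($_POST['address']));
	$desc = mysql_real_escape_string($_POST['desc']);

	// Initialised explicitly so a value left in scope by an earlier include can never
	// reach the query when the posted field is missing or rejected.
	$access = null;
	$id = null;

	// Positive match on "one or more ASCII digits". The previous check negated
	// preg_match('/[^0-9]/ui', ...); preg_match() returns false on error (e.g. malformed
	// UTF-8 under the /u modifier, or a non-string argument) and !false is true, so such
	// input was accepted unvalidated. The empty string was accepted as well.
	if (isset($_POST['access']) && is_string($_POST['access'])
		&& preg_match('/\A[0-9]+\z/', $_POST['access']) === 1) {
		$access = $_POST['access'];
	}
	if (isset($_POST['id']) && is_string($_POST['id'])
		&& preg_match('/\A[0-9]+\z/', $_POST['id']) === 1) {
		$id = $_POST['id'];
	}

	if ($access === null || $id === null) {
		// Reject instead of running the UPDATE with an undefined value.
		echo 'Хакер?=))';
	} else {
		sql_query ("
UPDATE `menu` SET 
`title` = '$title',
`access` = '$access',
`desc` = '$desc',
`address` = '$address' 
WHERE `id` ='$id';") or die(mysql_error());
		echo 'Изменено';
	}
}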


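// Insert a new menu entry from the posted "add" form.
//
// Security notes:
// - Values are interpolated into the SQL string, so each one is escaped or strictly validated.
//   mysql_real_escape_string() is only reliable when the connection charset was set with
//   mysql_set_charset() — not visible here, confirm.
// - NOTE(review): no anti-CSRF token is checked in this file; unless header.php enforces one,
//   this state-changing request can be triggered cross-site.
if ($actp=='add') {
	$title = mysql_real_escape_string($_POST['title']);
	// translitURL() is defined elsewhere and its output is not known to be SQL-safe,
	// so it is escaped like the other text fields before reaching the query.
	$address = mysql_real_escape_string(translitURL($_POST['address']));
	$desc = mysql_real_escape_string($_POST['desc']);

	// Initialised explicitly so a value left in scope by an earlier include can never
	// reach the query when the posted field is missing or rejected.
	$access = null;

	// Positive match on "one or more ASCII digits". The previous check negated
	// preg_match('/[^0-9]/ui', ...); preg_match() returns false on error (e.g. malformed
	// UTF-8 under the /u modifier, or a non-string argument) and !false is true, so such
	// input was accepted unvalidated. The empty string was accepted as well.
	if (isset($_POST['access']) && is_string($_POST['access'])
		&& preg_match('/\A[0-9]+\z/', $_POST['access']) === 1) {
		$access = $_POST['access'];
	}

	if ($access === null) {
		// Reject instead of running the INSERT with an undefined value.
		echo 'Хакер?=))';
	} else {
		// Columns are named explicitly: a positional VALUES list breaks as soon as the table
		// has a different column count (the CREATE TABLE in this file declares seven columns,
		// the old statement supplied five). `id` is omitted so AUTO_INCREMENT assigns it.
		// NOTE(review): `menu` and `type` are NOT NULL without defaults in that CREATE TABLE;
		// under a strict sql_mode the insert needs values for them — confirm the live schema.
		sql_query ("INSERT INTO `menu` (`title`, `desc`, `address`, `access`) VALUES (
'$title', '$desc', '$address', '$access');") or die(mysql_error());
		echo 'Добавленно';
	}
}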

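// Delete a menu entry by id.
//
// NOTE(review): this is a state-changing action driven by a GET parameter (the listing renders
// it as a plain link) and no anti-CSRF token is checked in this file. Unless header.php
// enforces one, a cross-site request can trigger the delete in the admin's session. Moving it
// to a POST form with a per-session token requires a matching change in the listing markup.
if ($act=='delete') {
	// Accept only a non-empty string of ASCII digits; this also covers a missing parameter
	// and array input, which previously reached mysql_real_escape_string() unchecked.
	if (isset($_GET['id']) && is_string($_GET['id'])
		&& preg_match('/\A[0-9]+\z/', $_GET['id']) === 1) {
		$id = $_GET['id'];
		sql_query ("DELETE FROM `menu` WHERE `id` = '$id';") or die(mysql_error());
		echo 'Удалено';
	} else {
		// Same rejection message the update handler uses for a malformed id.
		echo 'Хакер?=))';
	}
}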




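	// Render every menu entry as an editable table row (one form per row) plus a delete link.
	//
	// Fixed: stored values were echoed into HTML attributes and a <textarea> without escaping,
	// so a title/description/address containing quotes or markup broke the form and allowed
	// stored script injection in the admin's browser. Text fields are now HTML-escaped at
	// output and the id is cast to int.
	// NOTE(review): escaping assumes the page and DB connection are UTF-8 (the table is declared
	// utf8); with another page encoding htmlspecialchars() can return an empty string — confirm.
	// NOTE(review): the row form posts to category.php while the delete link targets the current
	// script — confirm both point at this page.
	// NOTE(review): the delete link is a GET request without an anti-CSRF token.
	$categz=sql_query ("SELECT * FROM `menu`");
	echo '<table width="100%" border="1">
  <tr>
    <th scope="col">ИД</th>
    <th scope="col">Название</th>
    <th scope="col">Описание</th>
    <th scope="col">Адрес</th>
    <th scope="col">Доступ</th>
	<th scope="col">Действия</th>
  </tr>';
	while ($categ = mysql_fetch_array($categz))
	{
		// `id` is an INT column, so an integer cast is the tightest safe representation.
		$rowId = (int) $categ['id'];
		$rowTitle = htmlspecialchars($categ['title'], ENT_QUOTES, 'UTF-8');
		$rowDesc = htmlspecialchars($categ['desc'], ENT_QUOTES, 'UTF-8');
		$rowAddress = htmlspecialchars($categ['address'], ENT_QUOTES, 'UTF-8');

		// Same selection rules as before: an option is marked when the stored access level
		// is neither of the two other known values.
		$selPublic = ($categ['access']!=0 && $categ['access']!=2) ? ' selected' : '';
		$selMembers = ($categ['access']!=0 && $categ['access']!=1) ? ' selected' : '';
		$selAdmins = ($categ['access']!=1 && $categ['access']!=2) ? ' selected' : '';

		echo '
<tr style="vertical-align:top">
    <td><form action="category.php" method="post"><input name="id" type="hidden" value="'.$rowId.'" />'.$rowId.'</td>
    <td><input name="title" type="text" value="'.$rowTitle.'" style="width:98%"></td>
    <td><textarea name="desc" style="width:98%">'.$rowDesc.'</textarea></td>
    <td><input name="address" type="text" value="'.$rowAddress.'" style="width:98%"></td>
    <td><select size="1" name="access" style="width:98%">
  <option value="1"'.$selPublic.'>для всех</option>
  <option value="2"'.$selMembers.'>для зарегистрированных</option>
  <option value="0"'.$selAdmins.'>для админов (черновик)</option>
	</select></td>
	<input name="act" type="hidden" value="update" />
	<td><input name="" type="submit" value="Изменить" /></form>
	<a href="?act=delete&amp;id='.$rowId.'"><strong>Удалить</strong></a></td>
</tr>';
	}
	echo '
</table>';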

// Blank "add entry" form, emitted as static markup below the listing.
// The access options are 1 = everyone, 2 = registered users, 0 = admins (draft).
// NOTE(review): the hidden `act` field presumably feeds $actp via header.php — confirm.
// NOTE(review): the form carries no anti-CSRF token; one would have to be issued here and
// verified by the handler that processes act=add.
echo
	// Form opening and title field.
	'<br /><br /><form action="category.php" method="post">
	Название: &nbsp;<input name="title" type="text" style="width:500px">',
	// Description field.
	'
    <br />Описание: <textarea name="desc" style="width:500px"></textarea>',
	// Address field.
	'
    <br />Адрес: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input name="address" type="text" style="width:500px">',
	// Access level selector.
	'
    <br />Доступ: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<select size="1" name="access" style="width:500px">
  <option value="1">для всех</option>
  <option value="2">для зарегистрированных</option>
  <option value="0">для админов (черновик)</option>
	</select>',
	// Action marker and submit button.
	'
	<input name="act" type="hidden" value="add" /><br />
	<input name="" type="submit" value="Добавить" /></form>';

include ('footer.php');
} else {echo 'Недостаточно прав';};
?>